External key management

Follow these steps for external key management when all drives are locked.

Before you begin

Note: The newly swapped controllers will lock down with seven-segment display code of L5. This lock down occurs when no drives in the storage array are able to perform autocode synchronization (ACS). ACS resumes and updates the new controllers after the security key is imported.

Procedure

  1. Install the SANtricity client to a laptop or PC to be used in step 2 to connect directly to the array controller.
  2. Connect the laptop or PC to controller A management port 1 directly via an RJ45 ethernet cable. You might also need to set the laptop IP address to the same subnet.
  3. Using default IP address 192.168.128.101 with username ‘admin’ and the password blank, set up the external key management server using the set storageArray externalKeyManagement command and provide the serverAddress and serverPort saved from the "Prepare to upgrade controllers" section. For information about using this command, see the Command Line Reference.
    Example: SMcli 192.168.128.101 -u admin -c "set storageArray externalKeyManagement serverAddress=<ServerIPAddress> serverPort=<serverPort>;"
  4. Using the default IP address 192.168.128.101 with the username ‘admin’ and the password remaining blank, download the storageArray keyManagementCertificate for the client certificate and repeat again for the server certificate. For information about using this command, see the Command Line Reference.
    Example A: SMcli 192.168.128.101 -u admin -c "download storageArray keyManagementCertificate certificateType=client file=\"Directory&FileName\";"
    Example B: SMcli 192.168.128.101 -u admin -c "download storageArray keyManagementCertificate certificateType=server file=\"Directory&FileName\";"
  5. Using the security key saved from the "Prepare to upgrade controllers" section, import the external key to IP address 192.168.128.101 with the username ‘admin’ and the password remaining blank. For information about using this command, see the Command Line Reference.
    Example: SMcli 192.168.128.101 -u admin -c "import storageArray securityKey file=\"Directory&FileName\" passPhrase=\"passPhraseString\";"

Result

Controllers will continue with the autocode synchronization process from the drives and reboot. After reboot the controllers will be accessible through the original IP configuration.